FROM ghcr.io/puppeteer/puppeteer:22

USER root

# Add user so we don't need --no-sandbox.
RUN mkdir -p /home/pptruser/Downloads /app \
    && chown -R pptruser:pptruser /home/pptruser \
    && chown -R pptruser:pptruser /app

# Run everything after as non-privileged user.
USER pptruser

# Install Puppeteer under /node_modules so it's available system-wide
COPY package.json /app/
COPY yarn.lock /app/
RUN cd /app/ && yarn
COPY .env /app/
COPY index.mjs /app/

ARG GHOSTFOLIO_SECURITY_TOKEN
ARG GHOSTFOLIO_HOST
ENV GHOSTFOLIO_SECURITY_TOKEN=$GHOSTFOLIO_SECURITY_TOKEN
ENV GHOSTFOLIO_HOST=$GHOSTFOLIO_HOST

ENTRYPOINT ["/usr/local/bin/node", "/app/index.mjs"]